Marc Voses, partner in the Kaufman Dolowich and Voluck New York City office, was quoted in an article by Allison Grande that was published in Law360 in May 2017.

Law360, New York (May 14, 2017, 4:55 PM EDT) — The massive cyberattack that began sweeping the globe Friday not only threatened the ability of major businesses and institutions to function but left them exposed to a crush of legal risks attorneys say could have been avoided had they taken basic security steps.

Legal experts this weekend discussed with Law360 the unfolding consequences of the worldwide cyber assault that took tens of thousands of computer systems hostage and, in many circumstances, put people’s live in peril. Attorneys talked about the legal challenges that await the institutions that failed to safeguard their systems from attack, including Britain’s national health system, and one expert questioned how the U.S. National Security Agency, which developed the ransomware used in the global attack, allowed it to be stolen and widely shared with hackers.

While more companies are purchasing coverage to deflect or defray costs of business interruptions and lawsuits stemming from ransomware attacks, they must attest to the level of security they have in place to get the coverage, which could include a disclosure that they are running the most up-to-date software.

“If a company has told their insurance carrier that the most recent version of Windows is running, but they have terminals running Windows XP and that exposes the entire organization to a cyberattack like this, that’s likely to be unacceptable under the insurance policy contract,” Kaufman Dolowich & Voluck LLP partner Marc Voses said.

Even though a young security researcher in the U.K. inadvertently hit the “kill switch” on Friday that halted the attack, the code could still be modified, and this could “start all over again,” Voses noted. And a strike of this magnitude is almost certainly likely to be replicated in the near future.